Sneaky Techniques

The pitch: Get your message to Internet users instantly, in a format they’re almost guaranteed to pay attention to, and pay much less than you would for an email marketing campaign. Avoid spam filters and spam laws. In fact, avoid cluttered emailboxes entirely. You don’t even need an email list. Target geographically by IP address, and get nearly instant feedback on your campaign.

Sounds good, right?

That’s the proposition put forward by a number of software companies touting their ability to reach people instantly, right on their desktops, no matter what Web site they’re visiting — even if they’re not surfing at all. Products such as galaxySend, ip-adverts, and MassDirect Advertiser — for a low, low price of just hundreds of dollars — let marketers send messages via a built-in Windows OS feature called “Messenger service.” The ad pops up in a little window that looks exactly like Windows system messages. They originate from the Web, not your computer, but how’s a neophyte computer user to know that?

The ads fall into a category of deceptive messaging techniques that use Microsoft “features,” either in Windows or Internet Explorer, to dupe hapless computer users who are conditioned to believe messages appearing in those gray boxes must be important.

One of the most common has been dubbed the “drive-by download.” Maybe you’ve experienced it when you mistyped a URL or somehow landed on a not-so-reputable site. What happens is a gray box with the heading “Security Warning” pops up and asks if you want to install and run a certain program.

This can happen at reputable Web sites, too — often, at page with content requiring a plug-in you don’t have (usually for rich or streaming media content). The difference is drive-by downloads ask you to download software not needed to view the page content. It may do something else entirely.

Both scenarios use the same technical mechanism, but one tricks computer users. After surfing the Web for a while, they begin to trust those gray message boxes, knowing (or thinking they know) the software they’re asked to download is necessary to see the page. Drive-by downloads exploit this trust.

“The marketer is sort of force-feeding you this software rather than your getting it yourself,” said Richard M. Smith, a noted Internet privacy expert. “Even if you say, ‘No, I don’t want this thing,’ you have to keep saying no, no, no, every time.”

It’s enough to leave a bad taste in your mouth about going online at all and enough to give interactive marketers a bad name. Needless to say, don’t let yourself be tempted by these techniques. They may deliver a short-term spike in sales, but mostly what they’ll do is damage your brand’s credibility. Who wants to be viewed as an unwanted invader of someone’s computer? Worse, employing the drive-by download technique, even if it does give users a chance to refuse, could lump you in with other software companies that have raised the ire of computer users.

Short of Microsoft rewriting its operating system to disable these features — difficult, as they do have legitimate uses — what can be done about these scourges? Education is the best defense. I encourage you to discuss the issue with your friends and families — especially when the subject of the Internet comes up and you hear complaints about ads (nearly inevitable these days).

With drive-by downloads, education and search engines are allies. When asked if you’d like to download a Brand X app, do some quick research before clicking “yes.”

Messenger service spam, as it’s come to be called, is more easily defeated. A firewall, which is important for Internet security anyway, can prevent these messages from arriving. If your computer runs Windows XP, the latest updates allow you to turn on an Internet connection firewall, which does the trick. Alternatively, people can turn off the Messenger service entirely, although doing so prevents legitimate messages, such as alerts from anti-virus software, from getting through as well. (Of course, you could avoid this mess entirely by using a Mac or Linux operating system.)

Although Microsoft provides information on its Web site about addressing the problem, the company doesn’t seem overly concerned, saying it doesn’t pose a security threat.

“Spammers are apparently blindly sending text advertisements to the Messenger service on a range of IP addresses,” a Microsoft spokesperson told me. “These messages, like all Messenger messages, do not allow the sender to take any action on the recipient’s computer and can be cleared by simply closing the pop-up dialogue. Microsoft has received inquiries on this, but because the spam can be stopped with the Internet Connection Firewall, it does not seem to be a growing problem.”

Already, one of the better-known purveyors of Messenger service spamming software,, appears to have gone out of business, or at least has taken down its Web site. (The link is to a cached Google image of the company’s home page.) One side of me hopes the growth of Messenger service spam will nose-dive before it really gets started. But the other side is more cynical, thinking unscrupulous marketers will continue to employ it, as long as it makes them money. Help spread the word and ensure it doesn’t.

Related reading